Malware analysis geometry dash auto speedhack.exe Malicious activity

RobTop Level SpeedHack CHALLENGE | Geometry Dash

File name: geometry dash auto speedhack.exe
Full analysis: https://app.any.run/tasks/bec2f7c0-91dd-4d38-a4d8-0f0fb8267137
Verdict: Malicious activity
Analysis date: April 02, 2018, 10:14:43
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: 19DBEC50735B5F2A72D4199C4E184960
SHA1: 6FED7732F7CB6F59743795B2AB154A3676F4C822
SHA256: A3D5715A81F2FBEB5F76C88C9C21EEEE87142909716472F911FF6950C790C24D
SSDEEP: 192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj
.exe | Win32 Executable MS Visual C++ (generic) (67.4)
.dll | Win32 Dynamic Link Library (generic) (14.2)
.exe | Win32 Executable (generic) (9.7)
.exe | Generic Win/DOS Executable (4.3)
.exe | DOS Executable Generic (4.3)
Subsystem: Windows GUI
SubsystemVersion: 5.1
ImageVersion:
OSVersion: 5.1
EntryPoint: 0x122d
UninitializedDataSize:
InitializedDataSize: 10752
CodeSize: 3072
LinkerVersion: 14
PEType: PE32
TimeStamp: 2016:07:10 14:59:43+02:00
MachineType: Intel 386 or later, and compatibles
Architecture: IMAGE_FILE_MACHINE_I386
Subsystem: IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date: 10-Jul-2016 12:59:43
Detected languages:
Magic number: MZ
Bytes on last page of file: 0x0090
Pages in file: 0x0003
Relocations: 0x0000
Size of header: 0x0004
Min extra paragraphs: 0x0000
Max extra paragraphs: 0xFFFF
Initial SS value: 0x0000
Initial SP value: 0x00B8
Checksum: 0x0000
Initial IP value: 0x0000
Initial CS value: 0x0000
Overlay number: 0x0000
OEM identifier: 0x0000
OEM information: 0x0000
Address of new EXE header (e_lfanew): 0x000000D8
Signature: PE
Machine: IMAGE_FILE_MACHINE_I386
Number of sections: 5
Time date stamp: 10-Jul-2016 12:59:43
Pointer to Symbol Table: 0x00000000
Number of symbols: 0
Size of Optional Header: 0x00E0
Characteristics:

Sections:

Name    Virtual Address  Virtual Size  Raw Size    Characteristics                                                                Entropy
.text   0x00001000       0x00000B2A    0x00000C00  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ                  5.85958
.rdata  0x00002000       0x000021C2    0x00002200  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ                             6.35229
.data   0x00005000       0x00000194    0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE        3.5782
.rsrc   0x00006000       0x000001E8    0x00000200  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ                             4.75224
.reloc  0x00007000       0x0000020C    0x00000400  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ  3.99459
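The section table above is what a PE header walk produces from the DOS header, the COFF header and the 40-byte IMAGE_SECTION_HEADER entries, with the entropy column computed over each section's raw bytes. The script below is an added example, not part of the original page or of any.run's tooling: it parses those structures with the standard library and, since the analysed binary is not reproduced here, runs on a synthetic PE32 image built inline from the header values reported above (e_lfanew 0xD8, machine I386, five sections, linker 14, entry point 0x122D, the section VAs/sizes/flags shown). The section bodies, raw file offsets and the resulting entropy values are assumptions of the example and do not match the analysed sample.

```python
"""PE32 header walker reproducing the fields tabulated in the report above:
DOS header (e_lfanew), COFF header, optional-header basics, section table
with decoded characteristics and per-section Shannon entropy.

Added example, not part of the original page or of any.run's tooling.
build_sample_pe() constructs a synthetic image from the header values shown
above; its section bodies and raw offsets are assumed, not taken from the
analysed binary."""
import math
import struct
from collections import Counter
from datetime import datetime, timezone

DOS_HDR = "<2s13H4H2H10HI"   # IMAGE_DOS_HEADER, 64 bytes, e_lfanew last
COFF_HDR = "<HHIIIHH"        # IMAGE_FILE_HEADER, 20 bytes
SECT_HDR = "<8sIIIIIIHHI"    # IMAGE_SECTION_HEADER, 40 bytes

SECTION_FLAGS = {
    0x00000020: "IMAGE_SCN_CNT_CODE",
    0x00000040: "IMAGE_SCN_CNT_INITIALIZED_DATA",
    0x00000080: "IMAGE_SCN_CNT_UNINITIALIZED_DATA",
    0x02000000: "IMAGE_SCN_MEM_DISCARDABLE",
    0x20000000: "IMAGE_SCN_MEM_EXECUTE",
    0x40000000: "IMAGE_SCN_MEM_READ",
    0x80000000: "IMAGE_SCN_MEM_WRITE",
}

# (name, VirtualAddress, VirtualSize, SizeOfRawData, Characteristics) copied
# from the report's section table; raw file offsets are assigned below.
SAMPLE_SECTIONS = [
    (b".text",  0x1000, 0x0B2A, 0x0C00, 0x60000020),
    (b".rdata", 0x2000, 0x21C2, 0x2200, 0x40000040),
    (b".data",  0x5000, 0x0194, 0x0200, 0xC0000040),
    (b".rsrc",  0x6000, 0x01E8, 0x0200, 0x40000040),
    (b".reloc", 0x7000, 0x020C, 0x0400, 0x42000040),
]


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    n = len(buf)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(buf).values())


def decode_flags(value: int) -> list:
    """Section Characteristics bitmask -> IMAGE_SCN_* names, low bit first."""
    return [name for bit, name in sorted(SECTION_FLAGS.items()) if value & bit]


def parse_pe(data: bytes) -> dict:
    """Walk MZ header -> 'PE\\0\\0' -> COFF header -> section headers."""
    dos = struct.unpack_from(DOS_HDR, data, 0)
    if dos[0] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = dos[-1]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    coff_off = e_lfanew + 4
    machine, nsec, ts, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(COFF_HDR, data, coff_off)
    opt_off = coff_off + 20
    magic, = struct.unpack_from("<H", data, opt_off)           # 0x10B = PE32
    entry, = struct.unpack_from("<I", data, opt_off + 16)      # AddressOfEntryPoint
    subsystem, = struct.unpack_from("<H", data, opt_off + 68)  # 2 = WINDOWS_GUI
    sections = []
    for i in range(nsec):
        name, vsize, va, rawsize, rawptr, *_unused, sflags = struct.unpack_from(
            SECT_HDR, data, opt_off + opt_size + 40 * i)
        raw = data[rawptr:rawptr + rawsize]   # bytes the entropy column is computed over
        sections.append({
            "name": name.rstrip(b"\0").decode(),
            "virtual_address": va, "virtual_size": vsize,
            "raw_size": rawsize, "raw_offset": rawptr,
            "flags": decode_flags(sflags),
            "entropy": round(shannon_entropy(raw), 5),
        })
    return {
        "e_lfanew": e_lfanew, "machine": machine,
        "timestamp": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "size_of_optional_header": opt_size,
        "pe_type": {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, hex(magic)),
        "entry_point": entry, "subsystem": subsystem, "sections": sections,
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 image carrying the report's header values. Bodies are
    synthetic: .text cycles through all 256 byte values (entropy 8.0), the
    other sections are zero-filled (entropy 0.0)."""
    e_lfanew, file_align = 0xD8, 0x200
    dos = struct.pack(DOS_HDR, b"MZ", 0x90, 3, 0, 4, 0, 0xFFFF, 0, 0xB8, 0, 0, 0,
                      0x40, 0, *([0] * 16), e_lfanew)
    hdr = bytearray(dos.ljust(e_lfanew, b"\0")) + b"PE\0\0"
    # Machine I386, 5 sections, 2016-07-10 12:59:43 UTC, optional header 0xE0
    hdr += struct.pack(COFF_HDR, 0x14C, len(SAMPLE_SECTIONS), 0x578246BF, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<HBBIII", opt, 0, 0x10B, 14, 0, 0xC00, 0x2A00, 0)  # PE32, linker 14, sizes
    struct.pack_into("<I", opt, 16, 0x122D)                               # AddressOfEntryPoint
    struct.pack_into("<III", opt, 28, 0x400000, 0x1000, file_align)      # ImageBase, alignments
    struct.pack_into("<H", opt, 68, 2)                                    # IMAGE_SUBSYSTEM_WINDOWS_GUI
    hdr += opt
    first_raw = -(-(len(hdr) + 40 * len(SAMPLE_SECTIONS)) // file_align) * file_align
    bodies = b""
    for name, va, vsize, rawsize, flags in SAMPLE_SECTIONS:
        hdr += struct.pack(SECT_HDR, name.ljust(8, b"\0"), vsize, va, rawsize,
                           first_raw + len(bodies), 0, 0, 0, 0, flags)
        bodies += bytes(range(256)) * (rawsize // 256) if name == b".text" else bytes(rawsize)
    return bytes(hdr.ljust(first_raw, b"\0")) + bodies


if __name__ == "__main__":
    pe = parse_pe(build_sample_pe())
    print(f"{pe['pe_type']} built {pe['timestamp']} entry 0x{pe['entry_point']:X}")
    for s in pe["sections"]:
        print(f"{s['name']:<7} {s['virtual_address']:#010x} {s['raw_size']:#010x} "
              f"{s['entropy']:<8} {', '.join(s['flags'])}")
```

To run it against a real file, pass `open(path, "rb").read()` to `parse_pe` instead of the constructed image; the walker only trusts e_lfanew and the section count from the headers, so a truncated or hostile file raises on the signature checks or produces short `raw` slices rather than crashing.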

Resources:

Title  Entropy  Size  Codepage  Language                 Type
1      4.89623  392   UNKNOWN   English – United States  RT_MANIFEST

Imports:
ADVAPI32.dll
GDI32.dll
KERNEL32.dll
PSAPI.DLL
SHELL32.dll
USER32.dll
WINMM.dll

Processes (PID, command line, image path, user, integrity level, exit code, parent; no indicators were listed for any process):

PID 2644  Parent: explorer.exe  User: admin  Integrity level: MEDIUM
  CMD:  "C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe"
  Path: C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe
  Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED)

PID 2472  Parent: explorer.exe  User: admin  Integrity level: HIGH
  CMD:  "C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe"
  Path: C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe
  Exit code: 0

PID 3276  Parent: geometry dash auto speedhack.exe  User: admin  Integrity level: HIGH
  CMD:  "C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /watchdog
  Path: C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe

PID 1864  Parent: geometry dash auto speedhack.exe  User: admin  Integrity level: HIGH
  CMD:  "C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /watchdog
  Path: C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe
  Exit code: 1

PID 3756  Parent: geometry dash auto speedhack.exe  User: admin  Integrity level: HIGH
  CMD:  "C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /watchdog
  Path: C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe

PID 3148  Parent: geometry dash auto speedhack.exe  User: admin  Integrity level: HIGH
  CMD:  "C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /watchdog
  Path: C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe

PID 2172  Parent: geometry dash auto speedhack.exe  User: admin  Integrity level: HIGH
  CMD:  "C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /watchdog
  Path: C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe

PID 3076  Parent: geometry dash auto speedhack.exe  User: admin  Integrity level: HIGH
  CMD:  "C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe" /main
  Path: C:\Users\admin\AppData\Local\Temp\geometry dash auto speedhack.exe

PID 4064  Parent: geometry dash auto speedhack.exe  User: admin  Integrity level: HIGH
  CMD:  "C:\Windows\System32\notepad.exe" \note.txt
  Path: C:\Windows\System32\notepad.exe
  Company: Microsoft Corporation  Description: Notepad  Version: 6.1.7600.16385 (win7_rtm.090713-1255)

PID 1748  Parent: explorer.exe  User: admin  Integrity level: MEDIUM
  CMD:  "C:\Windows\system32\taskmgr.exe" /4
  Path: C:\Windows\system32\taskmgr.exe
  Company: Microsoft Corporation  Description: Windows Task Manager  Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Reading the tree: the first launch (PID 2644) runs at MEDIUM integrity and exits with 0xC000042C (STATUS_ELEVATION_REQUIRED); the same image then runs at HIGH integrity (PID 2472), which is consistent with an embedded manifest that requests elevation (the 392-byte RT_MANIFEST resource above). The sample then spawns copies of itself with a /watchdog argument (five instances, one of which exited with code 1) and one with /main; the /main instance (PID 3076) is the one that writes C:\note.txt (see file activity below), and notepad.exe is launched by the sample with \note.txt as its argument. taskmgr.exe (PID 1748) has explorer.exe as its parent and runs at MEDIUM integrity, so it was not started by the sample.

File activity:

PID   Process                           Filename     Type
3076  geometry dash auto speedhack.exe  C:\note.txt  text
      MD5:    AFA6955439B8D516721231029FB9CA1B
      SHA256: 8E9F20F6864C66576536C0B866C6FFDCF11397DB67FE120E972E244C3C022270
